diff options
| author | Ilias Apalodimas <ilias.apalodimas@linaro.org> | 2020-12-31 13:26:46 +0300 |
|---|---|---|
| committer | Heinrich Schuchardt <xypron.glpk@gmx.de> | 2020-12-31 16:33:23 +0300 |
| commit | fe179d7fb5c10d8a4e299af06c766f47f2c8d51a (patch) | |
| tree | 5c762b7b7158c4692a774708b42af30726540a4d /lib/efi_loader | |
| parent | 47d2b3b9c98e1adf231f8143bc01b0046ebd5c9c (diff) | |
| download | u-boot-fe179d7fb5c10d8a4e299af06c766f47f2c8d51a.tar.xz | |
efi_loader: Add size checks to efi_create_indexed_name()
Although the function description states the caller must provide a
sufficient buffer, it's better to have in function checks that the
destination buffer can hold the intended value.
So let's add an extra argument with the buffer size and check that
before doing any copying.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Diffstat (limited to 'lib/efi_loader')
| -rw-r--r-- | lib/efi_loader/efi_capsule.c | 7 | ||||
| -rw-r--r-- | lib/efi_loader/efi_string.c | 10 |
2 files changed, 12 insertions, 5 deletions
diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c index ea22ee7968..4ef2546267 100644 --- a/lib/efi_loader/efi_capsule.c +++ b/lib/efi_loader/efi_capsule.c @@ -73,8 +73,8 @@ void set_capsule_result(int index, struct efi_capsule_header *capsule, struct efi_time time; efi_status_t ret; - efi_create_indexed_name(variable_name16, "Capsule", index); - + efi_create_indexed_name(variable_name16, sizeof(variable_name16), + "Capsule", index); result.variable_total_size = sizeof(result); result.capsule_guid = capsule->capsule_guid; ret = EFI_CALL((*efi_runtime_services.get_time)(&time, NULL)); @@ -896,7 +896,8 @@ efi_status_t efi_launch_capsules(void) free(files); /* CapsuleLast */ - efi_create_indexed_name(variable_name16, "Capsule", index - 1); + efi_create_indexed_name(variable_name16, sizeof(variable_name16), + "Capsule", index - 1); efi_set_variable_int(L"CapsuleLast", &efi_guid_capsule_report, EFI_VARIABLE_READ_ONLY | EFI_VARIABLE_NON_VOLATILE | diff --git a/lib/efi_loader/efi_string.c b/lib/efi_loader/efi_string.c index 3de721f06c..9627242288 100644 --- a/lib/efi_loader/efi_string.c +++ b/lib/efi_loader/efi_string.c @@ -23,13 +23,19 @@ * Return: A pointer to the next position after the created string * in @buffer, or NULL otherwise */ -u16 *efi_create_indexed_name(u16 *buffer, const char *name, unsigned int index) +u16 *efi_create_indexed_name(u16 *buffer, size_t buffer_size, const char *name, + unsigned int index) { u16 *p = buffer; char index_buf[5]; + size_t size; + size = (utf8_utf16_strlen(name) * sizeof(u16) + + sizeof(index_buf) * sizeof(u16)); + if (buffer_size < size) + return NULL; utf8_utf16_strcpy(&p, name); - sprintf(index_buf, "%04X", index); + snprintf(index_buf, sizeof(index_buf), "%04X", index); utf8_utf16_strcpy(&p, index_buf); return p; |